--- a/b2g/locales/en-US/chrome/overrides/appstrings.properties+++ b/b2g/locales/en-US/chrome/overrides/appstrings.properties@@ -27,13 +27,14 @@ externalProtocolTitle=External Protocol externalProtocolPrompt=An external application must be launched to handle %1$S: links.\n\n\nRequested link:\n\n%2$S\n\nApplication: %3$S\n\n\nIf you were not expecting this request it may be an attempt to exploit a weakness in that other program. Cancel this request unless you are sure it is not malicious.\n #LOCALIZATION NOTE (externalProtocolUnknown): The following string is shown if the application name can't be determined externalProtocolUnknown=<Unknown> externalProtocolChkMsg=Remember my choice for all links of this type. externalProtocolLaunchBtn=Launch application malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences. unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences. phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.+forbiddenBlocked=The site at %S has been blocked by your browser configuration. cspBlocked=This page has a content security policy that prevents it from being loaded in this way. corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected. remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox. sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol. weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

--- a/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd+++ b/browser/locales/en-US/chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd@@ -3,21 +3,26 @@ - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> <!ENTITY safeb.palm.accept.label "Get me out of here!"> <!ENTITY safeb.palm.decline.label "Ignore this warning"> <!ENTITY safeb.palm.notforgery.label2 "This isn't a web forgery…"> <!ENTITY safeb.palm.reportPage.label "Why was this page blocked?"> <!ENTITY safeb.blocked.malwarePage.title "Reported Attack Page!">-<!-- Localization note (safeb.blocked.malware.shortDesc) - Please don't translate the contents of the <span id="malware_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->+<!-- Localization note (safeb.blocked.malwarePage.shortDesc) - Please don't translate the contents of the <span id="malware_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) --> <!ENTITY safeb.blocked.malwarePage.shortDesc "This web page at <span id='malware_sitename'/> has been reported as an attack page and has been blocked based on your security preferences."> <!ENTITY safeb.blocked.malwarePage.longDesc "<p>Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.</p><p>Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.</p>"> <!ENTITY safeb.blocked.unwantedPage.title "Reported Unwanted Software Page!">-<!-- Localization note (safeb.blocked.malware.shortDesc) - Please don't translate the contents of the <span id="unwanted_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->+<!-- Localization note (safeb.blocked.unwantedPage.shortDesc) - Please don't translate the contents of the <span id="unwanted_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) --> <!ENTITY safeb.blocked.unwantedPage.shortDesc "This web page at <span id='unwanted_sitename'/> has been reported to contain unwanted software and has been blocked based on your security preferences."> <!ENTITY safeb.blocked.unwantedPage.longDesc "<p>Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.</p>"> <!ENTITY safeb.blocked.phishingPage.title "Reported Web Forgery!">-<!-- Localization note (safeb.blocked.phishing.shortDesc) - Please don't translate the contents of the <span id="phishing_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->+<!-- Localization note (safeb.blocked.phishingPage.shortDesc) - Please don't translate the contents of the <span id="phishing_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) --> <!ENTITY safeb.blocked.phishingPage.shortDesc "This web page at <span id='phishing_sitename'/> has been reported as a web forgery and has been blocked based on your security preferences."> <!ENTITY safeb.blocked.phishingPage.longDesc "<p>Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.</p><p>Entering any information on this web page may result in identity theft or other fraud.</p>">++<!ENTITY safeb.blocked.forbiddenPage.title "Forbidden Site">+<!-- Localization note (safeb.blocked.forbiddenPage.shortDesc) - Please don't translate the contents of the <span id="forbidden_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->+<!ENTITY safeb.blocked.forbiddenPage.shortDesc "This Web page at <span id='forbidden_sitename'/> has been blocked based on your browser configuration.">+

--- a/browser/locales/en-US/chrome/overrides/appstrings.properties+++ b/browser/locales/en-US/chrome/overrides/appstrings.properties@@ -27,15 +27,16 @@ externalProtocolTitle=External Protocol externalProtocolPrompt=An external application must be launched to handle %1$S: links.\n\n\nRequested link:\n\n%2$S\n\nApplication: %3$S\n\n\nIf you were not expecting this request it may be an attempt to exploit a weakness in that other program. Cancel this request unless you are sure it is not malicious.\n #LOCALIZATION NOTE (externalProtocolUnknown): The following string is shown if the application name can't be determined externalProtocolUnknown=<Unknown> externalProtocolChkMsg=Remember my choice for all links of this type. externalProtocolLaunchBtn=Launch application malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences. unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences. phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.+forbiddenBlocked=The site at %S has been blocked by your browser configuration. cspBlocked=This page has a content security policy that prevents it from being loaded in this way. corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected. remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox. ## LOCALIZATION NOTE (sslv3Used) - Do not translate "%S". sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol. ## LOCALIZATION NOTE (weakCryptoUsed) - Do not translate "%S". weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

--- a/browser/locales/en-US/chrome/overrides/netError.dtd+++ b/browser/locales/en-US/chrome/overrides/netError.dtd@@ -170,16 +170,20 @@ be temporary, and you can try again late "> <!ENTITY phishingBlocked.title "Suspected Web Forgery!"> <!ENTITY phishingBlocked.longDesc " <p>Entering any personal information on this page may result in identity theft or other fraud.</p> <p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p> ">+<!ENTITY forbiddenBlocked.title "Forbidden Site">+<!ENTITY forbiddenBlocked.longDesc "<p>&brandShortName; prevented this page from loading because it is configured to block it.</p>+">+ <!ENTITY cspBlocked.title "Blocked by Content Security Policy"> <!ENTITY cspBlocked.longDesc "<p>&brandShortName; prevented this page from loading in this way because the page has a content security policy that disallows it.</p>"> <!ENTITY corruptedContentError.title "Corrupted Content Error"> <!ENTITY corruptedContentError.longDesc "<p>The page you are trying to view cannot be shown because an error in the data transmission was detected.</p><ul><li>Please contact the website owners to inform them of this problem.</li></ul>"> <!ENTITY securityOverride.linkText "Or you can add an exception…">

--- a/dom/locales/en-US/chrome/appstrings.properties+++ b/dom/locales/en-US/chrome/appstrings.properties@@ -26,13 +26,14 @@ externalProtocolTitle=External Protocol externalProtocolPrompt=An external application must be launched to handle %1$S: links.\n\n\nRequested link:\n\n%2$S\n\nApplication: %3$S\n\n\nIf you were not expecting this request it may be an attempt to exploit a weakness in that other program. Cancel this request unless you are sure it is not malicious.\n #LOCALIZATION NOTE (externalProtocolUnknown): The following string is shown if the application name can't be determined externalProtocolUnknown=<Unknown> externalProtocolChkMsg=Remember my choice for all links of this type. externalProtocolLaunchBtn=Launch application malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences. unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences. phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.+forbiddenBlocked=The site at %S has been blocked by your browser configuration. cspBlocked=This page has a content security policy that prevents it from being loaded in this way. corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected. remoteXUL=This page uses an unsupported technology that is no longer available by default. sslv3Used=The safety of your data on %S could not be guaranteed because it uses SSLv3, a broken security protocol. weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, the connection to this website has not been established.

--- a/dom/locales/en-US/chrome/netError.dtd+++ b/dom/locales/en-US/chrome/netError.dtd@@ -87,16 +87,20 @@ "> <!ENTITY phishingBlocked.title "Suspected Web Forgery!"> <!ENTITY phishingBlocked.longDesc " <p>Entering any personal information on this page may result in identity theft or other fraud.</p> <p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p> ">+<!ENTITY forbiddenBlocked.title "Forbidden Site">+<!ENTITY forbiddenBlocked.longDesc "<p>The browser prevented this page from loading because it is configured to block it.</p>+">+ <!ENTITY securityOverride.linkText "Or you can add an exception…"> <!ENTITY securityOverride.warningContent " <p>You should not add an exception if you are using an internet connection that you do not trust completely or if you are not used to seeing a warning for this server.</p> <p>If you still wish to add an exception for this site, you can do so in your advanced encryption settings.</p> "> <!ENTITY cspBlocked.title "Blocked by Content Security Policy"> <!ENTITY cspBlocked.longDesc "<p>The browser prevented this page from loading in this way because the page has a content security policy that disallows it.</p>">

--- a/mobile/locales/en-US/overrides/appstrings.properties+++ b/mobile/locales/en-US/overrides/appstrings.properties@@ -27,13 +27,14 @@ externalProtocolTitle=External Protocol externalProtocolPrompt=An external application must be launched to handle %1$S: links.\n\n\nRequested link:\n\n%2$S\n\nApplication: %3$S\n\n\nIf you were not expecting this request it may be an attempt to exploit a weakness in that other program. Cancel this request unless you are sure it is not malicious.\n #LOCALIZATION NOTE (externalProtocolUnknown): The following string is shown if the application name can't be determined externalProtocolUnknown=<Unknown> externalProtocolChkMsg=Remember my choice for all links of this type. externalProtocolLaunchBtn=Launch application malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences. phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information. unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.+forbiddenBlocked=The site at %S has been blocked by your browser configuration. cspBlocked=This page has a content security policy that prevents it from being loaded in this way. corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected. remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox. sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol. weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

--- a/toolkit/components/url-classifier/nsUrlClassifierDBService.h+++ b/toolkit/components/url-classifier/nsUrlClassifierDBService.h@@ -113,16 +113,20 @@ private: // TRUE if the nsURIClassifier implementation should check for phishing // uris on document loads. bool mCheckPhishing; // TRUE if the nsURIClassifier implementation should check for tracking // uris on document loads. bool mCheckTracking;+ // TRUE if the nsURIClassifier implementation should check for forbidden+ // uris on document loads.+ bool mCheckForbiddenURIs;+ // TRUE if a BeginUpdate() has been called without an accompanying // CancelUpdate()/FinishUpdate(). This is used to prevent competing // updates, not to determine whether an update is still being // processed. bool mInUpdate; // The list of tables that can use the default hash completer object. nsTArray<nsCString> mGethashTables;

--- a/webapprt/locales/en-US/webapprt/overrides/appstrings.properties+++ b/webapprt/locales/en-US/webapprt/overrides/appstrings.properties@@ -26,13 +26,14 @@ externalProtocolTitle=External Protocol externalProtocolPrompt=An external application must be launched to handle %1$S: links.\n\n\nRequested link:\n\n%2$S\n\nApplication: %3$S\n\n\nIf you were not expecting this request it may be an attempt to exploit a weakness in that other program. Cancel this request unless you are sure it is not malicious.\n #LOCALIZATION NOTE (externalProtocolUnknown): The following string is shown if the application name can't be determined externalProtocolUnknown=<Unknown> externalProtocolChkMsg=Remember my choice for all links of this type. externalProtocolLaunchBtn=Launch application malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences. unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences. phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.+forbiddenBlocked=The site at %S has been blocked by your browser configuration. cspBlocked=This application tried to access a resource that has a content security policy that prevents it from being loaded in this way. corruptedContentError=The application cannot continue loading because an error in the data transmission was detected. remoteXUL=This application tried to use an unsupported technology that is no longer available. sslv3Used=This application cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol. weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, this application has not connected to this website.

--- a/xpcom/base/ErrorList.h+++ b/xpcom/base/ErrorList.h@@ -701,16 +701,17 @@ #define MODULE NS_ERROR_MODULE_URILOADER ERROR(NS_ERROR_WONT_HANDLE_CONTENT, FAILURE(1)), /* The load has been cancelled because it was found on a malware or phishing * blacklist. */ ERROR(NS_ERROR_MALWARE_URI, FAILURE(30)), ERROR(NS_ERROR_PHISHING_URI, FAILURE(31)), ERROR(NS_ERROR_TRACKING_URI, FAILURE(34)), ERROR(NS_ERROR_UNWANTED_URI, FAILURE(35)),+ ERROR(NS_ERROR_FORBIDDEN_URI, FAILURE(36)), /* Used when "Save Link As..." doesn't see the headers quickly enough to * choose a filename. See nsContextMenu.js. */ ERROR(NS_ERROR_SAVE_LINK_AS_TIMEOUT, FAILURE(32)), /* Used when the data from a channel has already been parsed and cached so it * doesn't need to be reparsed from the original source. */ ERROR(NS_ERROR_PARSED_DATA_CACHED, FAILURE(33)), /* This success code indicates that a refresh header was found and